jeantil commented on code in PR #2697: URL: https://github.com/apache/james-project/pull/2697#discussion_r2024786071
########## docs/modules/servers/partials/configure/mta-sts.adoc: ########## @@ -0,0 +1,67 @@ +link:https://datatracker.ietf.org/doc/html/rfc8461[MTA-STS] is a standard for a SMTP server to advertise its TLS +set up and whether SSL is required for it to accept emails. + +== Securing incoming traffic with MTA-STS + +Apache James supports tools for MTA-STS on the incoming traffic. + +The *EnforceMtaSts* SMTP hook can be used to ensure *MAIL FROM* transactions only happens on encrypted channels +and matches the MTA-STS 'enforce' policy. + +Sample set up: + +....xml +<handlerchain> + <!-- ... --> + <handler class="org.apache.james.smtpserver.tls.EnforceMtaSts"/> +</handlerchain> +.... + +The *TestMtaSts* SMTP hook can be used to audit *MAIL FROM* transactions on unencrypted channels +and matches the MTA-STS 'testing' policy. It will log but accept emails from such connections. +Sample set up: + + +....xml +<handlerchain> + <!-- ... --> + <handler class="org.apache.james.smtpserver.tls.TestMtaSts"/> +</handlerchain> +.... + +=== Advertizing MTA-STS support + +Configuring the MDA is only part of the story. Remains telling the world about it. Review Comment: ```suggestion Configuring the MTA is only part of the story. Remains telling the world about it. ``` ;) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
